CVE-2022-0166

A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
trellixCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
mcafeeagent
𝑥
< 5.7.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10378
https://www.kb.cert.org/vuls/id/287178
https://kc.mcafee.com/corporate/index?page=content&id=SB10378
https://www.kb.cert.org/vuls/id/287178